Activity Feed
- Karma Re: Splunk cloud- How to change the background color of a dashboard in the source code for ITWhisperer. 10-13-2022 01:20 AM
- Posted Re: ERROR TcpInputProc - Message rejected. Received unexpected message of size=369296128 bytes for syslogs on Getting Data In. 08-25-2020 08:17 AM
- Posted ERROR TcpInputProc - Message rejected. Received unexpected message of size=369296128 bytes for syslogs on Getting Data In. 08-25-2020 07:10 AM
- Posted Re: Why can't I see non-internal indexes in Cluster Master Clustering dashboard after distributing 2 new indexes via con on Deployment Architecture. 08-13-2020 09:22 AM
- Karma Re: Why can't I see non-internal indexes in Cluster Master Clustering dashboard after distributing 2 new indexes via configuration bundle? for dxu_splunk. 08-13-2020 09:22 AM
- Tagged Re: Why can't I see non-internal indexes in Cluster Master Clustering dashboard after distributing 2 new indexes via con on Deployment Architecture. 08-13-2020 09:22 AM
- Karma Re: Why is cluster master not showing custom indexes in Indexer Clustering:Master Node Dashboard? for sudoiamroot. 08-13-2020 09:20 AM
- Posted Re: Why is cluster master not showing custom indexes in Indexer Clustering:Master Node Dashboard? on Getting Data In. 08-13-2020 09:18 AM
Topics I've Started
08-25-2020
08:17 AM
Hi R.Ismo, Thanks for the reply. The error message is from the indexer. As per the error message, the size of the incoming message is 369296128 bytes, which turns out to be around 352 MB. SSL is working fine as we have logs from the other data sources coming to indexers through the same UF. This is the first time we are trying to inboard the Syslogs using a TCP port. Thanks, Kundan
08-25-2020
07:10 AM
Hi, I am trying to inboard a new Syslog coming from a Syslog ng server but data is not indexing. Getting the below error in the internal logs in SH.

    ERROR TcpInputProc - Message rejected. Received unexpected message of size=369296128 bytes from src=xx.xx.xx.xx:xxxxx in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

Below is the path I have set for the incoming logs.

Syslog-ng server > Universal Forwarder(TCP port) > Indexer

Below are the configurations set at the forwarder end:

inputs.conf

    [tcp://xxxxx]
    sourcetype=syslog
    index = Index_name
    disabled=false

outputs.conf

    [tcpout]
    defaultGroup = ABC
    maxQueueSize = 7MB
    useACK = true

    [tcpout:ABC]
    server = index_server1:42000, index_server2:42000, index_server3:42000
    # SSL SETTINGS
    sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
    sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem
    sslPassword = xxxx
    sslVerifyServerCert = true

After the issue, I have tried to resolve it by setting the value of bucketRebuildMemoryHint to auto and manually both in the indexes.conf but it didn't work.

indexes.conf

    [default]
    bucketRebuildMemoryHint = 569366123

Can anyone please advise me on this? Please let me know in case I am missing any information I missed to share which might help in reaching out to the solution. Thanks in Advance 🙂
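A triage sketch for the error quoted in the post above, added here as an example and not part of the original post or of Splunk's code. It assumes the rejected size is the first four bytes of the TCP stream read as a big-endian integer, and checks whether those bytes look like a TLS record header or plain text; `parse_rejection` and `classify_size` are hypothetical names.

```python
import re
import struct

# Error line as quoted in the post (source address already masked there).
SAMPLE = ("ERROR TcpInputProc - Message rejected. Received unexpected message "
          "of size=369296128 bytes from src=xx.xx.xx.xx:xxxxx in streaming mode. "
          "Maximum message size allowed=67108864.")

LOG_RE = re.compile(
    r"unexpected message of size=(\d+) bytes.*?Maximum message size allowed=(\d+)")

# TLS record content types (first byte of every TLS record).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_rejection(line):
    """Return (reported_size, max_allowed) from a TcpInputProc rejection line."""
    m = LOG_RE.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify_size(size):
    """Reinterpret the reported size as the four bytes that produced it.

    Assumption: the receiver read the first four bytes of the stream as a
    big-endian unsigned length. Returns (label, raw_bytes).
    """
    if not 0 <= size <= 0xFFFFFFFF:
        return "out-of-range", b""
    raw = struct.pack(">I", size)
    # TLS record header: content type, then version major=3, minor 0..4.
    if raw[0] in TLS_CONTENT_TYPES and raw[1] == 3 and raw[2] <= 4:
        return "tls-record", raw
    # Four printable ASCII bytes: raw text such as "<13>" or "GET ".
    if all(0x20 <= b < 0x7F for b in raw):
        return "ascii-text", raw
    return "unknown", raw


if __name__ == "__main__":
    size, limit = parse_rejection(SAMPLE)
    label, raw = classify_size(size)
    print(f"size={size} limit={limit} bytes={raw.hex(' ')} -> {label}")
```

For the size in the post this yields `tls-record` with bytes `16 03 03 00`, the pattern a TLS handshake record would produce if it arrived at a listener that was not expecting TLS.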
08-13-2020
09:22 AM
Faced exactly the same issue. Issue resolved after adding "repFactor = auto" in test, though in production everything is working fine without "repFactor = auto".
- Tags:
- repoFactor
08-13-2020
09:18 AM
Faced exactly the same issue. Issue resolved after adding "repFactor = auto" in test, though in production everything is working fine without "repFactor = auto".